Cryptanalysis and improvement of a certificateless aggregate signature scheme

Aggregate signature can combine n signatures on n messages from n users into a single short signature, and the resulting signature can convince the verifier that the n users indeed signed the n corresponding messages. This feature makes aggregate signature very useful especially in environments with low band width communication, low storage and low computability since it greatly reduces the total signature length and verification cost. Recently, Xiong et al. presented an efficient certificateless aggregate signature scheme. They claimed that their scheme was provably secure in a strengthened security model, where the "malicious-but-passive" KGC attack was considered. In this paper, we show that Xiong et al.'s certificateless aggregate signature scheme is insecure even against "honestbut-curious" KGC attack, an improved scheme which is really secure against "maliciousbut-passive" KGC attack in the random oracle model. Performance analysis shows that our new scheme is more efficient than the other secure certificateless aggregate signature schemes. (C) 2014 Elsevier Inc. All rights reserved.